Phishing For Info: Brand Name Spoofs Steal Your Data

January 4, 2021

Some of the biggest brand names in the world are being used as bait for spoofed (fake) websites. Whether it’s spoofed websites or email phishing, cybercriminals want us to believe they are who they claim to be. A study by Check Point Research finds that in the second quarter of this year, the top five companies ripe for impersonation are, in order: Google, Amazon, WhatsApp, Facebook, and Microsoft. These tech titans have a lot of sway when it comes to legitimacy, and hackers are happy to exploit consumer trust and twist it to their advantage.

Check Point’s study, Brand Phishing Report for Q2 2020, takes a look at the new leaders in brand spoofing for the second quarter of this year. Among the top brand names spoofed in Q2, Google and Amazon tied for first place, each accounting for 13% of brand phishing. WhatsApp and Facebook each took 9% for third place, with Microsoft coming in fourth place with 7%, and Outlook taking fifth with 3%. Following the top five brands, Netflix, Apple, Huawei, and PayPal are all tied at 2% each.

Looking to the most spoofed industries overall, technology takes the #1 spot, followed by banking and then social networks. All three categories have been “go to” industries for bad actors looking to steal account numbers, passwords, and any other data they can get. Considering how many users invest their trust in these industries daily, it’s easy to see just how effective brand spoofs can be.

Big brand spoofing may be here to stay for now, but everyday users can limit how effective it is by following these steps:

  • Verifying an authentic website starts with never following email links and never opening attachments. Instead, check legitimate sources for the true retailer website and any links to their promotions before acting on them.
  • Beware of look-alike domain names, generic greetings, spelling errors, and bad grammar on websites and in emails, especially those from unfamiliar sources. Hackers trick victims by using very similar, but not exact domain name spellings, hoping to catch users not paying close attention.
  • Beware of “incredible” discounts and offers. If it doesn’t pass the “too good to be true” smell test, it’s safe to assume it’s phishing and move on.
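
The look-alike domain check in the list above can be automated. The following Python is an added example, not part of the original article or the Check Point report; the brand-to-domain map, the substitution list and the sample hostnames are assumptions constructed for illustration, and any domain not in the map is treated as not official.

```python
import re

# Assumed brand -> official domain map for the brands named in the report.
BRANDS = {
    "google": "google.com", "amazon": "amazon.com", "whatsapp": "whatsapp.com",
    "facebook": "facebook.com", "microsoft": "microsoft.com", "outlook": "outlook.com",
    "netflix": "netflix.com", "apple": "apple.com", "huawei": "huawei.com",
    "paypal": "paypal.com",
}
# Common visual substitutions, folded back before comparing.
FOLDS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def fold(text):
    for fake, real in FOLDS:
        text = text.replace(fake, real)
    return text

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(host):
    """Return ('legitimate' | 'lookalike' | 'unknown', brand or None)."""
    host = host.lower().rstrip(".")
    for brand, real in BRANDS.items():
        if host == real or host.endswith("." + real):
            return ("legitimate", brand)
    labels = [fold(label) for label in host.split(".")]
    # Assumption: the registered name is the second-to-last label
    # (no public-suffix handling for names such as example.co.uk).
    name = labels[-2] if len(labels) >= 2 else labels[0]
    tokens = {t for label in labels for t in re.split(r"[-_]", label)}
    for brand in BRANDS:
        if edit_distance(name, brand) <= 1:   # near-miss or substituted spelling
            return ("lookalike", brand)
        if brand in tokens:                   # real brand name inside another domain
            return ("lookalike", brand)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample hosts, not taken from the report.
    for h in ("mail.google.com", "arnazon.com", "paypa1.com", "pineapple.com"):
        print(h, check_domain(h))
```

A single-character distance threshold is a heuristic: it catches swapped, doubled or substituted characters, but can also flag unrelated short names that happen to sit one letter away from a brand.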
Stickley on Security